Upgrade notes
Before upgrading a Rudder server, you should make a backup by following the backup procedure. |
Plugins disabled during upgrade
Each time Rudder is upgraded, plugins are disabled. You need to enable them back after upgrade.
For that, start by checking if update are available for you new version (it will be mandatory for a minor or major version upgrade) and enable them back.
If you have a subscription, it can done directly with the following commands:
rudder package update rudder package upgrade-all rudder package plugin enable-all
Without a subscription, proceed as you usually do get the latest plugin package, and install it from file:
rudder package install-file /path/to/plugin.rpkg
You can also check for the state of all plugins:
rudder package list --all
And enable only a chosen one, for example for scale-out relay plugin:
rudder package enable rudder-plugin-scale-out-relay
More information about rudder package
command is available with rudder package --help
.
Upgrade from Rudder 6.0
There is not default user anymore, you need to create a user after installation
with This prevents having a time frame after installation where the server is accessible from anyone, and avoids Rudder servers left with open access. |
Rudder now provides bcrypt as hash type for local user passwords. It is the default for new server, but upgraded servers will continue to use existing hashes. It is advised to use bcrypt. To do so, you need to reset existing passwords and compute new hashes, see user management documentation for more details. |
Upgrade from Rudder 6.0 is supported.
Upgrade from Rudder 5.0 (>= 5.0.16)
Upgrade from Rudder 5.0 if >= 5.0.16 is supported.
There is not default user anymore, you need to create a user after installation
with This prevents having a time frame after installation where the server is accessible from anyone, and avoids Rudder servers left with open access. |
Rudder now provides bcrypt as hash type for local user passwords. It is the default for new server, but upgraded servers will continue to use existing hashes. It is advised to use bcrypt. To do so, you need to reset existing passwords and compute new hashes, see user management documentation for more details. |
Rudder 6 comes with a new reporting protocol using HTTPS instead of syslog. It is enabled by default on new installations, but upgraded instances will stay on the syslog protocol for compatibility. You can switch between reporting protocols at any time. You have three reporting options:
You can read more about reporting in the dedicated section. |
The Rudder packages ncf, ncf-api-virtualenv, rudder-inventory-endpoint, rudder-inventory-ldap, rudder-jetty and rudder-techniques have been merged into rudder-webapp. This means that on a server upgrade from Rudder 5.0 those packages will all be removed. This is normal! |
The technique tools folder (in The folder is left in place, but not automatically shared anymore. If you relied on the tools copy mechanism to share files, you can replace it by a standard recursive copy from the shared files. |
Rudder generic method Before the 6.0 Rudder version, when in audit policy mode, the method was not executing the command passed in parameters and would always report an error. In order to limit the compliance drift when switching policy mode we chose to make the method behave in the exact same way in audit mode than in enforce mode because:
|
Rudder 5.0.9 changes the default log level for the configuration server in Rudder. This allows easier debugging and tracability of policy updates, so we enabled it by default, but will produce more logs. If you want to revert to the previous behavior (which only logs errors):
[Service] Environment=VERBOSITY_OPTION=
# You need to uncomment and let empty CFENGINE_COMMUNITY_PARAMS_1=""
Verbosity options can be:
|
The executable |
Rudder 6.1 comes with a new hash function: Bcrypt which allows safer password storage. To switch from a previous hash function (SHA1, SHA256, SH512, MD5) to BCrypt you should change the
htpasswd -nBC 12 "" | tr -d ':\n' | sed 's/$2y/$2b/'
|
Upgrading from versions older 5.0.16 leads to problems when removing rudder-jetty package causing the upgrade command to fail and leave rudder-jetty package in a non functional state. However your Rudder 6.0 should be working, but we recommend to upgrade at least to 5.0.16 before upgrading to 6.0. |
Upgrading to versions before 6.0.3 leads to several errors (service not started, ldap conf not updated to new format …), all these bugs are fixed in 6.0.3 and you consider upgrading at least to 6.0.3. |
Upgrading to 6.0.3 disables all plugins you may have installed because compatibility of previous 6.0 plugins are not compatible with 6.0.3, please reinstall your plugins to their latest versions. |
Upgrade from Rudder 5.0 (< 5.0.16), 4.3 or older
Direct upgrades from 5.0 versions older than 5.0.16, 4.3.x and older are no longer supported on 6.2. If you are still running one of those, either on servers or nodes, please first upgrade to one of the supported versions, and then upgrade to 6.2.
Compatibility between Rudder components
In the tables below:
-
a
+
sign means any newer versions -
a
-
is used to define a range
Server | Relay | Linux agent | Windows agent |
---|---|---|---|
6.1 |
6.0+ |
5.0+ |
5.0-6.2 |
6.2 |
6.0+ |
5.0+ |
6.0+ |
7.0 |
6.0+ |
5.0+ |
6.2+ |
Server | Relay | Linux agent | Windows agent |
---|---|---|---|
5.0.1-5.0.16 |
5.0-6.0 |
5.0-6.0 |
5.0-6.0 |
5.0.17 |
5.0-6.1 |
5.0-6.1 |
5.0-6.1 |
6.1 |
6.0+ |
5.0+ |
5.0-6.2 |
6.2 |
6.0+ |
5.0+ |
6.0+ |
7.0 |
6.0+ |
5.0+ |
6.2+ |
← on SLES on Debian/Ubuntu →